Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam

Spam Increases Make Things Tough For Companies 363

Posted by CmdrTaco from the to-say-nothing-of-little-old-me dept.
dosten sent us a link to a story running on Cnet about the spam epidemic. My favorite stat is that by 2006, we'll be getting 1400 spam a year. Of course, I already get that every week. Talks about foreign spam relays, block lists, and so on. Decent piece explaining a huge problem that's only getting worse.
This discussion has been archived. No new comments can be posted.

Spam Increases Make Things Tough For Companies More

Spam Increases Make Things Tough For Companies

Comments Filter:

  • Resume bots (Score:5, Interesting)

    by skippy5066 ( 563917 ) on Thursday March 21, 2002 @01:46PM (#3201851)
    The biggest offender for me? Resume bots. I post my resume to see if people are hiring, and I get 12 messages a day from OTHER resume posting sites trying to get me to go there and post again.

    If they're smart enough to grab my email addy, why can't they harvest my resume too and leave me alone?

    -skip

    • Re:Resume bots (Score:3, Interesting)

      by reaper20 ( 23396 )
      Agreed, another one that sucks are the one that your registrar sold you out on. I only own 5 domains, and these can start to pile up. I generally avoid register.com, but it seems like most of the domain houses are selling you out.

      I know the spammers are probably harvesting your whois information but having

      "Register.com let us know that your website is missing on some search engines"

      really pisses me off. I guess I shouldn't have bought them on such a long contract ...

  • Law makers might realize the problem. (Score:5, Funny)

    by www.sorehands.com ( 142825 ) on Thursday March 21, 2002 @01:48PM (#3201884) Homepage
    Maybe after seeing this lawmakers will realize the extent of the problem.


    The Chinese government ignored SPAM problems, until enough people blacklisted China and then they took notice.


    Maybe we should forward all the spam that we receive to congress, with a little note attached. Maybe they would take notice, then.

  • Growth, Growth, Growth.... (Score:5, Insightful)

    by mlknowle ( 175506 ) on Thursday March 21, 2002 @01:48PM (#3201889) Homepage Journal
    The 1400 number is a bit sketchy; I think to assume that SPAM will continue to grow at a current rate for four years is more than a bit unreasonable.

    On the contrary, I think one of two things will happen:

    1. SPAM will explode long before 2006 - the number of messages will grow to such an extent that a political solution will become unavoidable. In effect, the SPAMers will SPAM themselves out of existence - but not without paralyzing the net for some time.

    2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.

    Even if costs increase, something tells me that 1) is far more likely to occur than 2)..... But the most likely thing to happen will be that I move to a address-book-only-accepted mailbox setup... Sigh.....

    • Re:Growth, Growth, Growth.... (Score:4, Informative)

      by Riskable ( 19437 ) <YouKnowWho@YouKnowWhat.com> on Thursday March 21, 2002 @01:59PM (#3202004) Homepage Journal
      2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.

      Ahh, but you do realize that most spammers utilize others' bandwidth for their task? That's why it's so popular (no overhead). What we really need to happen is for companies with open relays to sue spammers for the cost of the bandwidth useage... Not just blocking the spam.
    • So long as AOL is giving out those "Free hours!" CDs, spam will never be too expensive to send.

      Until all ISPs start charging 'clean up' fees for spam offenses, there's really no big incentive to keep folks from ever spamming. Sure, they'll lose their account that sent the spam, but the damage has already been done.

      I think the spammers realize this as well. I'm getting more and more spam that tells me to call a phone number or write to some physical address for more information. This way, even if they lose their mail account (and they WILL lose it) there's still a chance one or two suckers will contact them.

      This means even if they only make $1 from a spam run, that's all profit. Is it any wonder there's so much spam?

      That's why spammers need to be fined by their ISP for deleting their account. If nothing else, it'll raise the price of spamming.

    • Come on! (Score:3, Insightful)

      by w.p.richardson ( 218394 )
      2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.

      No way this will ever happen! Ever hear of junk mail (not spam email, real paper junk mail)? Has it become unviable? No. As a matter of fact, it is the most effective form of advertising. As more and more people worldwide use email, targeted spam will become as effective as the direct mail is now.

      The spam is green. It is still in its infancy as a marketing medium.

      • Re:Come on! (Score:3, Interesting)

        by LinuxHam ( 52232 )
        As a matter of fact, it is the most effective form of advertising.

        Not in my house. I especially like the ads for pool cleaning, lawn care, and driveway repaving as I live in a condo. I taught my wife how to spot spam quickly in her Yahoo! inbox and luckily its carried over to our postal mail to. All our junk mail is a huge pain in the aishe and huge waste of time.
    • The 1400 number is a bit sketchy


      Excuse me? Are you living under a rock? Every day I receive something like 30-40 spams. So, that totals to: 35 (mid-range) * 365 = 12775 spams in a year. I'm not kidding. I get junked down with so much spam I have a hard time finding messages that are NOT spam in my mailbox. Is this a problem? You bet your ass. Have I done anything about it? Yep. I spent about a month forwarding headers to abuse addresses, but did that help? no! What it did was cost me time. Lots of time. About an hour every day, devoted to nothing but bothering with spam.

      I don't want that shit in my email box. I didn't ask for it (I _NEVER_ use that email address for registrations) - it just seems to come to me. Personally, I want all those companies shut down, and hard. They should be fined like crazy. Ever hear of an effulent fee? That's what should be proposed. They are wasting bandwidth, time, money, electricity, everything.

      It's a big problem. I don't know what cloud you are on, but come back to Earth.

      • 1. Never sign up for a pr0n site.

        2. Do not post your primary address to a public forum.

        3. Don't piss people off.

        If you are getting 40 spams a day, you are doing something stupid.
        • If you are getting 40 spams a day, you are doing something stupid.

          Hey, that's a little harsh. Some of us here have posted to Usenet long before it was "stupid" to do so using a non-spam-protected email address. Back when people thought you could actually get in *trouble* for spam-protecting your email address because you were violating an Internet RFC.

          Now with Google Groups bringing twenty years of Usenet back online for easy searching, one can only imagine how many "new" (new == really really old) email addresses have been snarfed. Of course, I'm sure my really old ones are circulating on a number of CDs. I've had my current one since 95 and I get about 35 to 40 spams a day. Luckily my provider uses some technique to mark all but five or so a day with an X-Spam-Warning.
        • 1. I don't sign up for pr0n sites. There are enough free sites out there to keep my libido busy for a while.

          2. I never even talk in public fora.

          3. Wow.

          No, I don't think I am doing something stupid. I think companies are acting very unethically.

        • Re:Suggestions to avoid spam. (Score:5, Informative)

          by bero-rh ( 98815 ) <bero@reCOMMAdhat.com minus punct> on Thursday March 21, 2002 @04:28PM (#3203298) Homepage
          If you are getting 40 spams a day, you are doing something stupid.

          No, not necessarily. I get about 80 spams a day, and I've tracked most of them down to a couple of things:

          • The bug-gnu-utils list is gated to spamnet, formerly known as usenet. While I post to bug-gnu-utils with an obfuscated addresses these days, I can't prevent people from sending bug reports to bug-gnu-utils and Cc'ing me -- thereby making my address visible to spambots harvesting spamnet.
          • Address mentioned in public places by someone else, such as "If you're seeing that bug in the Red Hat packages only, contact their packager at ..."
          • Address listed on a website (feedback requests, without obfuscating the address to make it easier for users) - this is also what generates a lot of spam on our security contact address


          All of those aren't stupid things to do - but spammers make use of them nevertheless.

          Pointing them to my SMTP server's terms of service [bero.org] and trying to claim payment usually doesn't generate a response at all. [And if you can't afford a lawyer, trying to take a spammer to court won't do much good]

          Actually, the only spammer ever to react to one turned out to be a 14 year old kid who fell for a "make money fast, we assure you it's legal" scam, and I don't really want to make a victim pay more than they have.
    • I think SPAM could be limited if our government dedicated more resources to white collar crime and fraud than to other pursuits like the war on drugs.

      Most of what passes for SPAM in my mailbox is either prima facie fraudulent products (penis enlargers) and offers (stock "tips") or setups to fraudulent web sites for porn or related items.

      If people who did these scams were actually investigated and ultimately jailed with great frequency we would have fewer SPAM messages. They have to be invetigatable because there has to be a way for them to get money from your pocket to theirs.

      Also, I think that there'd have to be few convictions. Merely having the FBI/SEC/ATF show up and start doing a serious investigation is enough to scare a lot of people into other lines of fraud.

      This wouldn't do anything for offshore scammers, but I have a feeling that the offshore places are going to have to get their shit together or they will start finding lots of the 1st world net blackholed to all of their data.
    • I completely agree with this. The responses to SPAM are still coming from people who are relatively new to the Internet (say my Mom). Once Mom gets the idea that SPAM is crap she'll stop paying attention to it (she already has really... it doesn't take long). So it won't be long before the click rates fall through the floor... right now it's just the suckers (and there are a lot of 'em... but the number isn't infinite.)

      And the ISPs are going to start lobbying congress soon because of all the zillions they're spending on bandwidth. Spamming is a 2002 problem at best, by 2004 I think it'll be taken care of. Seriously. Lawmakers get as much SPAM or more then we do and they're sick of it too.

      As an aside, I feel like the parent when I have to say to Mom things like, "HOW many times have I told you not to respond to emails from strangers?!? Don't come running to me when you get a virus on your computer that erases everything and drains your bank account dry."

      -Russ

      • right now it's just the suckers (and there are a lot of 'em... but the number isn't infinite.)

        One born every minute, or so the saying goes. Enough people still seem to be switching long-distance services when they receive telephone solicitations, so I don't see spam stopping anytime soon.

        mark

    • 2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.

      Bandwidth costs are not storing. There is a ton of left over bandwidth from the .COM bubble which is going unused. SPAM is relatively lightweight. We need either technical or political solutions. We can't wait for spam to get too expensive because of bandwidth.
      • Bandwidth costs are not storing. There is a ton of left over bandwidth from the .COM bubble which is going unused

        I'm assuming you meant "soaring", not "storing". It's funny you should make this comment because today's USA Today has an article [usatoday.com] that explains precisely why bandwidth charges will soon start to soar. Bandwidth left over from the .com era is in DARK fibre. And while the telecoms that bought all that fibre are going under, it costs **20 times as much** as the purchase price of all that fibre to actually light it up. Not to mention it takes 9 to 18 months to do it.

        So while bandwidth needs will continuously climb at dramatic rates, no one is starting projects to actually light up all that fibre to meet 1q04 needs. The article compares dark fibre to seed that farmers buy. You can't compare seed in a silo to corn being sold in a supermarket.

  • spam defense (Score:2, Interesting)

    by sheol ( 153979 )
    I recently sent a reply [pheed.org] to a spam [pheed.org] I recieved demanding $110 for my troubles. Maybe if everyone starts taking legal action against spammers, they'll get a clue, and stop bombarding us with this junk.
    • I recieved a spam from the same company that was mentioned. Of all things, the spam was generated when I posted to an alumni message board of the high school I went to. To start with, the website is not mine, and second, I would much rather see the students in the web programming class learn how to promote the site. I forwarded the spam to Neil Schwartzman [petemoss.com] and he replied back to me stating that the best thing I can do is ignore it. I wouldn't expect a dime from this. If they do act, it would be a very interesting precedent that was set.

    • Re:spam defense (Score:4, Interesting)

      by reaper20 ( 23396 ) on Thursday March 21, 2002 @02:01PM (#3202018) Homepage
      I don't think that will fix the problem, except increase the amount of lawyers in the world, and we can be sure that's not good.

      I know two wrongs don't make a right, but I would actually respect script kiddies and the like if they targetted spammers instead of everyone. Someone cracking into the spamhouses and creating havoc on their networks, thrashing their servers, and randomly destroying spam programs would make for some good storytelling on slashdot.

      I say screw the legal road, they're using 'illegal' and sneaky ways to take over systems - I say we give it right back to them.

      Normally if that happens to a sysadmin or friend of mine, I am apologetic - having this happen to spam scumbags, I would cheer from the sideline.

  • How profitable is spam? (Score:5, Funny)

    by Yoda2 ( 522522 ) on Thursday March 21, 2002 @01:50PM (#3201911)
    I know its cheap, but I'm really curious to see how much spammers really profit from their ads. There has to be a certain profile for the person who really believes that they can enlarge their penis by "clicking here".

    Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!

    • Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!

      Maybe we should enlarge the spammers penises. There is a variety of heavy machinery that could be used to result in a much larger (but paper thin) penis. Or perhaps we should shove bottle after bottle of their "herbal Viagra" down their throats until they are unable click the 'send' button.

      'sigh' [deletes another batch of spam]

    • Re:How profitable is spam? (Score:5, Informative)

      by AnotherBlackHat ( 265897 ) on Thursday March 21, 2002 @03:33PM (#3202827) Homepage
      know its cheap, but I'm really curious to see how much spammers really profit from their ads. There has to be a certain profile for the person who really believes that they can enlarge their penis by "clicking here".

      Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!


      Opinions vary, but I believe that the response rate is 1-3 per 10,000.
      Responses aren't sales, but if we use junk mail as a guide, there's approximately a 10%
      sell through rate. That means 1-3 sales per 100,000. As a guess, most crap sold via spam
      is about 90% profit and sells for about $40.00. A dedicated spammer could easily saturate the market,
      which is about 150,000,000 people. That works out to about $50,000.
      That's a lot of assumptions, but I believe $50,000 is within an order of magnitude of correct.
      Not enough to excite me, but unfortunately more than enough to keep those assholes going.

      I have a friend who works for an ISP. He claims a spammer offered to pay the ISP $10,000
      a month to cover the cost of dealing with the spam complaints, if they were allowed to continue spamming.
      The spammer clearly thought that spam was worth more the $10,000 a month.

      -- Spam Wolf, the best spam blocking vaporware yet! [spamwolf.com]

  • This may be the only way to keep up: (Score:5, Interesting)

    by TheFlu ( 213162 ) on Thursday March 21, 2002 @01:51PM (#3201921) Homepage
    Here is, what I believe to be, a better approach to fighting SPAM: Tagged Message Delivery Agent [libertine.org](TMDA)

  • 1,400 per YEAR (Score:5, Insightful)

    by NickPest ( 84591 ) on Thursday March 21, 2002 @01:51PM (#3201926)
    Internet researcher Jupiter Media Metrix estimates that consumers will receive about 206 billion junk e-mailings in 2006--an average of 1,400 per person, compared with about 700 per person this year.

    Still, that's only about 4/day which seems very conservative to me.
    • Still, that's only about 4/day which seems very conservative to me.

      True - it's about what I get daily. The problem is: I can pretty well get rid of spam in my private mail using one-time mail aliases for most purposes, but I can't do that at work.

  • Find your lawmakers home emails - city council, county council, city prosecuting attorney,state reps, governor, state attorney general, federal delegations ...

    And change your settings to "reply to" the spamsters that send you spam with their info.

    They'll fix it fast if it affects them. That's why we have some of our state's laws about credit reports - it directly affected my senator's daughter (he's retired from the senate now).

    Nothing like making it personal.

    [note - I am not advising you do this - just pointing out what will happen if some people did this - caveat emptor]
    -
    • Don't mess with any of the fields in emails, or forward anything to the gov't types. Just create a few web pages with the email addresses of the folks you want to take official notice of the problem, and let the spam spiders do all the work. A few test posts to usenet with those addresses included for those harvesters would also help.

      Any deception on your part makes you look bad, not the poor mislead spammer. Spammers are bad enough on their own, just maybe they need a push to go after the people you want particularly mad at spam.

  • I block Asia, Russia and other places (Score:4, Interesting)

    by Offwhite98 ( 101400 ) on Thursday March 21, 2002 @01:54PM (#3201956) Homepage
    I noticed a massive increase in the amount of spam that I was getting. Fortunately I am running my own FreeBSD server for mail and I simply updated access lists for the frequent offenders. That blocked some, but I was still getting a great deal of mail coming in.

    Finally I was told that I can identify countries by their IP block. Now that I block Korea, Russia and other countries I am not back down to my normal daily allowance of 2 pieces of spam a day.

    I also have a spam blocking strategy others may want to use. Since I run my own domain I create an alias for every website which wants me to register. For example, here I have an alias for slashdot@offwhite.net which is posted along with my comments. I also have one for cdnow.com@offwhite.net, cnn.com@offwhite.net, etc. When I sign up for a newsletter or post comments I will know where the incoming spam originated. Unfortunately I found that my slashdot alias was the culprit for much of the mail. Spammers are obviously scraping this site.

    After I put my spam blocking lists in place, in addition to the normal RBL features you can do with spam I am block tons of mail for me and all the users on my server. And in a single day the daily report that FreeBSD sends out shows that I blocked 111 pieces of mail just for my offwhite.net domain.

    Perhaps eventually I can release some of these offending domains from my access/blocking list, but for now I am simply returning an obscure message that the user was not found. It is my hope that they simply remove my name from their lists. One can only hope.
    • That's pretty sad, considering the vehement hatred of spam and high level of technical skill here at Slashdot, harvesting email addresses here seems like a fool's game. Of course, spamming falls in the category of get-rich-quick schemes, so that's no surprise.
    • Sneakemail [sneakemail.com]

      It does exactly what you are talking about, only you dont need to run your own mail server. They forward to your real address. You can set each alias to allow all, deny all, allow all except specifically blocked (per sender), or block all except specifically allowed (per sender).

      So basically I have a slashdot alias, but slashdot@slashdot.org is the only person who can send mail to that alias ;-) All the other emails are put into a "mail-dam" that I periodically check for anything of real value. You can also set it to instantly trash mail from senders you dont allow.

      I run ORDB [ordb.org] on my mail server as well, and I will soon be blocking all of APNIC, I go several days now with no spam while receiving tons of legitimate email.

      On the off chance I get a spam, I immediately report it to spamcop.net

      You need to attack spam on many many levels for it to be effective ;-)

    • I also have one for cdnow.com@offwhite.net, cnn.com@offwhite.net, etc. When I sign up for a newsletter or post comments I will know where the incoming spam originated.

      What you've just done is totally b0rk your scheme.

      Spammers are obviously scraping this site.

      And you know about it.

      Brilliant.

      Now, when you get spam to your CDNow or CNN aliases, you won't know where they really came from.

      Idiot...

  • Overblown article (Score:3, Insightful)

    by binarybits ( 11068 ) on Thursday March 21, 2002 @01:59PM (#3202000) Homepage
    As others have pointed out, this is 1400 a year, not per day. Malda needs to learn to read.

    Secondly, I find the figure of $1 per spam to be kind of ludicrous. It takes me about 5 seconds to recognize a piece of mail is spam and delete it. 5 seconds of my time isn't worth $1. And the 10k it took the mail server to store the message and fraction of a penny in bandwidth aren't worth a dollar either.

    If corporate anti-spam offices are costing that much, then they're wasting their money. Let employees delete their own spam messages. It's really not that hard. It wastes maybe 5 minutes per week of my time. Is it annoying? Absolutely. Is it an "epidemic"? I don't think so.

    I hate spam as much as the next guy, but a sense of perspective is important. The technology to filter spam is rapidly advancing, and ISP's often *do* respond to complaints. Once Asia gets with the program, I'd expect this problem to subside somewhat.

    • Re:Overblown article (Score:5, Insightful)

      by telbij ( 465356 ) on Thursday March 21, 2002 @02:39PM (#3202390)
      First of all, I think you are right that simply deleting spam is not all that difficult or expensive. But in practice there are many more costly effects spam can have that can drive up the average cost ($1 is still pretty high though):

      • Employees may actually waste time clicking on spam links
      • High-bandwidth graphical spam can bring slow computers and connections to their knees
      • Spam can obfuscate legitimate emails, causing them to be deleted by accident in a flurry of spam deletions
      • I've experienced crashes that may have been caused by the huge volume of email, or the piss-poor HTML code, but definitely had to do with spam. Data loss is unquantifiable.
      All in all, I think having an administrator try to filter out spam before it gets to the 45,000 employees is a good idea. I mean, if a spam targets only 20,000 employees, they will still have to spend the 5*20,000 seconds to collectively delete the single spam that an admin could take care of at the root (also saving bandwidth and storage space). Throw in the issues of employees working with slow computers and slow connections and I can definitely see a full-time spam admin.

    • Re:Overblown article (Score:3, Informative)

      by dubl-u ( 51156 )
      Secondly, I find the figure of $1 per spam to be kind of ludicrous. It takes me about 5 seconds to recognize a piece of mail is spam and delete it.

      So let's assume that like most geeks, you're way on the end of the bell curve when it comes to processing information. Suppose the average spam delay is 30 seconds per person. They just said the guy worked at "a major telecommunications company"; let's assume that they're in the same league as SGI, another company mentioned in the article which has revenues of $300,000 per year per employee. [nwfusion.com]

      That works out to about $150 per hour in revenue, or $2.50 per minute. So that 30-second spam distraction costs $1.25 on average.

      And assuming their mail beeped and distracted them from something else, the cost could be a lot higher; distractions substantially reduce productivity. And if they click on a link or actually read the spam? yet more time gone. $1 is probably too low.
    • Read it again. You will see he says 1400 a year is what the article states, but that he himself gets 1400 a week. Not a day. Where'd that come from?
    • this is 1400 a year

      Right.

      Secondly, I find the figure of $1 per spam to be kind of ludicrous. It takes me about 5 seconds to recognize a piece of mail is spam and delete it. 5 seconds of my time isn't worth $1.

      Oh boy. Here we go! [breaks out calculator]

      5 x 1400 = 7000 / 60 = 116.67 = just under TWO HOURS of your time. Is this worth $1? Or more, perhaps?

      And the 10k it took the mail server to store the message and fraction of a penny in bandwidth aren't worth a dollar either.

      10 x 1400 = 14000 / 1024 = 13.67MB.

      And that's just for you.

      Assuming the ISP has 10,000 customers, that's almost 375 MB (13.67 x 10000 / 365) the ISP has to reserve on their mail server JUST FOR SPAM, PER DAY.

      Obviously, that assumes every user checks their mail once per day, no more, no less, and everyone gets 1,400 spam/year at 10k each. Since you made the same assumptions, I did as well to keep the numbers the same.

      So, is 375MB per day per 10k users worth $1? Or more, perhaps?

      Malda needs to learn to read.

      We know Rob's English isn't the best. What you've done is handily demonstrate that apparently your math isn't, either...

  • My first spamless day in years was today. (Score:3, Insightful)

    by Apuleius ( 6901 ) on Thursday March 21, 2002 @02:00PM (#3202011) Journal
    (Disclaimer: not directly relevant, but I thought I'd share.) My email address is scannable from Usenet posts made when I was young and foolish, so there is no hope of it not being available to spammers. But, since using Spamcop [spamcop.net], my spam levels decreased, and today at 9 AM MST, for the first time in years I checked my mail and it was spam free. I'm starting to suspect that spammers now keep lists of email addresses of people who are vigilant in reporting spam, and deleting them from their lists. (My hope is, that the CDs in which my email address resides, are now considered "no good," not just my address.) So, there is hope.
    • I've noticed a similar phenomena. I've been quite vigilant about reporting spammers and have been trying to report them to all of the possible channels, including the SEC if it's yet another pump-and-dump scheme.

      The best part is reporting first-time spammers. I make damn sure that when I see a spam I haven't seen before that I report it. I had the great satisfaction of watching some girl who wanted to be the next Britney Spears or something get her website shut down for spamming. Those people are the big spammers of the future. If somebody gets started in spamming and gets their access canned right away, they hopefully will realize that it's not as easy money as the person who set them up with spamming software said it was.

      But it is an uphill battle. Some companies are claiming that I did, in fact, opt-in at some point to receiving spam from their "partners". Taking care of those folks and tracking who initially sold my address has resulted quite a bit of improvement in my spam count. I don't have the opt-in networks, just the bulk viagra mails and whatnot coming from Asia, at this point.

      I've also noticed that unless you report spammers, they will spam you forever. I have some addresses that haven't been used for years that are still getting spam. I notice this because I get error messages occasionally because the auto-bounce message has nowhere to bounce to.

      When I get in one of those moods, I'll crank call all of the 1-800 numbers listed in the spam. That doesn't do anything for the spam count, but it does wonders for my mood. ;)

  • The problem is... (Score:2, Interesting)

    by tomstdenis ( 446163 )
    We are trying to cling to a system not designed with spammers in mind.

    Instead of trying to make it illegal to send spam [which is not going to stop it anyways] why not just invent whole new protocols?

    Primarily I'd add a hashcash payment system. Where in order for you to send me a message [that I would eventually see] you *must* do some work [e.g. find an N-bit collision].

    The idea is simple and if implemented correctly will be a huge deterrent to sending spam. Specially if it takes you 2 seconds or so to prepare the email!

    I think as a project I will implement a trivial version of this over TCP. In reality though it would be nice to see real professionals tackle something like this.

    Face it SMTP is outdated and wholly inappropriate!

    Tom
  • The easiest way to avoid most spam is to use disposable email addresses - open an account with Hotmail or Yahoo, etc. and use that as your "sign-up"/"service" email. Use your personal/work email just for that - work and personal correspondence. I rarely, if ever, get spam in my personal accounts.

    The effect will hopefully be twofold:
    1. You don't get spam where you don't want it.
    2. Choke Hotmail & Yahoo with spam, turning it into a corporate nuisance. Then they might move to actually blocking it - say by blacklisting mail servers. After all, there's nothing like a little corporate sponsorship to get the job done in the U.S.
  • Yup - i'm drowning in spam like the rest of us.... a 'typical' day is somewhere around 80 mails. Weekends are much worse....

    BUT.......

    There are MANY big name commercial companies that are spamming. They aren't stupid enough to spam themselves, they subcontract it to some other weasel who gets click-thru fees for the referrals that their spam generates.

    My two biggest offenders are NetFlix and 1-800-Flowers.

    Every piece of spam i get associated with a 'legit' company i make sure to forward to every address I can find on their web site, and make it very clear that I will NEVER do business with them as long as they maintain the practice.... and will discourage anybody who will listen to me to do the same.

    It won't stop everything. I still get tons of 'Cum Guzzling Co-Ed's', 'Increase your Penis Size', 'Viagra without a prescription', and 'REPAIR YOUR CREDIT NOW' mail, but every little bit helps....

    BOYCOTT NETFLIX
    BOYCOTT NETFLIX
    BOYCOTT NETFLIX
    BOYCOTT NETFLIX
    BOYCOTT NETFLIX
    BOYCOTT NETFLIX
    BOYCOTT NETFLIX

    • My two biggest offenders are NetFlix and 1-800-Flowers.

      Interesting. I joined Netflix about two months ago and noticed a dramatic increase in spam since then. Are you sure about this?

      • >>Interesting. I joined Netflix about two months
        >>ago and noticed a dramatic increase in spam
        >>since then. Are you sure about this?

        Misunderstanding. I'm not saying that Netflix is selling my email address to spammers. (but i wouldn't put it past them)

        I'm saying that Netflix is hiring spammers to spam whoever is in their lists (ME) to JOIN netflix.

        I get probably one Netflix spam every day, or at least every 2 days.

        Therefore I will NEVER join Netflix. Any business that thinks this asshole behaviour is acceptable can burn. And i'll discourage anybody who'll listen to doing business with them.
  • I don't mean to sound naive but what is the impetus that makes spam a revenue generator? Is it some kind of "sucker to spam" ratio.. for every 1 person who falls for the spam, enough revenue for 1000 spam e-mails is generated?

    • Well, let's say your moral compass has been permanently derailed and you are planning to enter the "spamming industry." You can buy CDs with e-mail lists for cheap (I believe it's something in the order of 1 million names for $100). You also would use a program to find open relays and exploit them (why run your own mail server when you can hijack someone else's for less dough). Then you forge your e-mail headers (after all, you don't want to deal with messy details like bouncing e-mails and angry recipients).

      Now say you send out a million spam e-mails. Your cost is $100 or so (the cost of the list) and whatever you're using for your Internet connection. That's less than a penny per person. If one hundredth of one percent of those names were to send $5 each, you'd take in $500, or about $400 profit. And that's just from one mailing. You'd ignore any "remove me off this #&*#&@ list" e-mails (actually, with the forged headers you wouldn't see them) and send another round hoping to lure in more suckers.

      Now these aren't hard and fast numbers, but you can see how some people are lured into the "easy money." Of course, breaking into people's homes and taking valuables is "easy money" also, but spammers somehow convince themselves that they have a constitutional right to misuse other people's bandwidth and time for their own personal gain.

      • It seems like 50% or more of the spam I receive is some kind of pyramid scheme.
        I wish law enforement agencies put in some effort against these entities (I've heard precious little done on this front).


        Seems to me spammers should be liable somehow for the bandwidth they waste. I believe the US postal service is paid duly by companies that send junk mail.. there's nothing to restrict spammers on their bandwidth.


        Then you get into the 'forging headers' side of things.. if someone's offering a good or service, doesn't this amount to fraud?

  • Before, when it was just the individual that was getting bombarded by offers of barely legal pr0n and penis enhancers, Big Brother (the govt) didn't really seem to care. Sure, a few states have instituted laws.. but honestly, how effective has the "ADV" required by CA law been, if at all?

    Finally, we're seeing reliable, solid information from big companies on how much these bits of unwanted flotsam are costing in actual dollars. This is exactly what it takes to get the Govt. to stand up and take notice. The big guys have the money, power, and voice to get the message heard and force action.

    Unfortunately, even once laws are in place, I don't see much of a decrease in spam. The senders are getting smarter and smarter, the harvesting techniques are getting better, and their obfuscated headers and relays make them damned hard to track. Add in the fact that a lot of this stuff is across international boundaries, which makes local laws difficult if not impossible to enforce, so even if you can track down the offender, you end up with an incredibly difficult case to litigate.

    I can see the same thing happening in this situation that has happened with online casinos: when things get unfriendly, they'll simply move their base of operation to a country that doesn't much care what they do as long as they're spending money. And with the right set up, it doesn't matter if they're spamming from NYC or Antartica... their damned message will still get through to cost you time and headaches.

  • not blacklists, whitelists (Score:5, Interesting)

    by einer ( 459199 ) on Thursday March 21, 2002 @02:04PM (#3202049) Journal
    This has been mentioned before (but I'm too lazy to search for the artcile), but blacklists aren't the answer. As inconvenient as it sounds, whitelists are the way to go. If your e-mail address isn't on the whitelist, your message doesn't get delivered. When a message is received that isn't on the whitelist, an automated message is sent to the sender informing them that they can be added to the whitelist by replying to this e-mail with a provided hash/password. Once they reply to the notification e-mail, they are whitelisted and their original message is delivered. Anyone who wanted to maintain a whitelist could do so, those who didn't want to bother with it could deal with the spam.
    • Lot's of time, when registering for a website for example, an email is required. It requires you to respond to an email to verify the authenticity of the address. Lot's of time you have no idea what the sender email address will be ahead of time and even what mail server it will come from.

      Obviously an automated email verification system won't understand the whitelist notice message and the whole thing will fail miserably.

      So you decide to create an address that doesnt block non-whitelisted emails and now that address is vulnerable to spam.

    • I was just going over this same exact thing with someone today, as we're trying to plan out a spam-blocking strategy for our network.

      One problem with whitelists is that you have come up with a good way of adding legitimate "big" email senders that are not going to take the time to authorize themselves on your whitelist. If you're out-and-out blocking messages not approved by the whitelist, your users have to remember to add companies to their whitelists manually when they want to receive their information. Even then it's not perfect, since you never know what address or domain a company might send from. (A lot of them outsource their email.)

      An ideal setup is something like SpamCop, where there's a queue of held mail, and your users can add people to whitelists and blacklists very easily (and even report spam if they're so inclined).

      One reason we don't want to just use SpamCop's services is because we'd rather be in control of all aspects of our filtering, so we'll do it in-house as I suspect a lot of people will.
    • I was just going to post this myself. Of course this solution is basically unacceptable to people who receive email from new and prospective clients regularly.

      Your idea of responding with a password that allows people to get added to the whitelist automatically is great as long as your system doesn't gain widespread use. If it did, then spam software would simply be updated to use the password. Probably not something to lose sleep over.. however, being a web designer my solution is to reply with a link to a form that people can use to email me. Granted, the form itself could be used to spam me, but it strikes me that spamming software that uses people's feedback forms would never be effective enough to make it a problem (what with the chaotic and dynamic nature of web forms).

      As far as blacklisting goes there are some decent alternatives in that vein too. Read my next post.

  • Simple solutions that work (Score:3, Informative)

    by Joe U ( 443617 ) on Thursday March 21, 2002 @02:06PM (#3202075) Homepage Journal
    It helps if you run your own mail server, I do.

    Three months ago I changed my email address. I told all my friends and created a new email address for them. Then, for every site I registered with, I used a slightly different address. I created a few generic addresses as well, for online shopping or one-time stuff.

    So far, only places I actually visited have sent me spam, but now it's easy enough to cut them off.

    And the mail is not annoying, I don't mind getting a buy.com sale email, because I buy from them.

    It's a simple solution, and it works well.
  • As the number of email addresses grow, so does the spammer's lists. Also, it doesn't take any more effort for them to click and send 4 million spams as it does for them to send 40 million. It's still just one click to a harvested list, and they never have to see or pay for the damage and headaches they cause.

    The problem is no one in power wants to admit that spam is getting to critical mass. Right now we're in an arms race as better blocking methods come up and better ways to run around those blocks are formed. The only sure way not to get spammed right now is to try to keep your email address private, but even that's failing as spambots get smarter about guessing valid addresses and databases of valid addresses get built. I even get spammed occassionally at work, and I've NEVER released that address to anyone.

    Until someone (read major corporation) comes up and says "Hey, this is a problem that's costing us money" the situation is just going to get worse. The spamming situation is reaching a point where it cannot be controlled without intervention via legislation. I'm not a big fan of governement control, but this is the sort of thing that should be looked at heavily...not whether Billy downloaded a copy of Britney Spear's latest single.
  • This suggests to me that there may be a growing need for a software or PCI wafer/chip AI that can be assigned tasks like filtering spam out that you don't want.

    And this goes beyond just making rules or blocking all spam - after all, I do want to know about the $120 round trip ticket offers for Myrtle Beach or the discounted digicam at ThinkGeek.

    The AI can work the same way Tivo does in being sensitive to the kind of email you prefer to get and maybe even smart enough to unsubscribe you from lists that you don't want to belong to or to reply to emails in your place.

    Give it a voice recognition program and it can be your phone receptionist, too.

  • It's hard not to notice (Score:4, Insightful)

    by kindbud ( 90044 ) on Thursday March 21, 2002 @02:11PM (#3202128) Homepage
    As the anti-spam vigilantes have become more shrill, more dogmatic, more draconian, and have moved into causing "collateral damage" to sites whose only crime is being neighbors of a spam sewer, the spam continues to increase.

    I submit that DNSBL and public blacklists are a failure. They have not done anything substantial to stem the tide of junk email, as this article shows.

    In fact, from what I can tell, the spammers use the various DNSBL, especially the ones that list open relays, in order to locate their next set of victim relays. They could not care less that a relative handful of fanatics who use the DNSBL as intended will not be seeing their message. In fact, they are probably happy to ensure that their message will not be seen by those who are most likely to report them and try to get their activities shut down.

    • In fact, from what I can tell, the spammers use the various DNSBL, especially the ones that list open relays, in order to locate their next set of victim relays.

      Y'know, this is the same argument that Microsoft uses against OSS. "You can't trust the security of open source software! The code just lays out there for any hacker to read!"

      • Yes, it seems to be the same argument, I agree.

        However, I never accused the DNSBL of being untrustworthy, nor did I call for them to be shut down. All I pointed out was that perhaps they are having an effect they they did not intend, to wit:
        1. DNSBL maintainers and users get less spam, and report less spam as a result, thereby rendering their efforts less effective
        2. The people who do not use DNSBL get more spam, thanks to the published list of open relays

        Implicit in my argument is the assumption that people who don't use any DNSBL are less likely to report spam. That could be a faulty assumption, but I think there is good reason to believe it. Therefore, the DNSBL tend to make spam more effective and harder to punish, because they have the effect of keeping spam away from those who are most likely to report it and pursue punitive actions. Therefore, people who don't use the DNSBL get more spam as a result.

        • Therefore, the DNSBL tend to make spam more effective and harder to punish, because they have the effect of keeping spam away from those who are most likely to report it and pursue punitive actions.

          Only until the spammers find a new relay to exploit, and then the cycle starts over again. The system is adaptive.

          Therefore, people who don't use the DNSBL get more spam as a result.

          And that's the argument used to promote open source software. "The tools are there for anyone who cares to use them, and those who do are more secure in the end."

  • Spam is as old as the mainstream Internet itself, but its alarming rise is challenging companies more than ever. In the past six months, the volume of junk mail sent online more than doubled, according to spam filter company Brightmail. Internet researcher Jupiter Media Metrix estimates that consumers will receive about 206 billion junk e-mailings in 2006--an average of 1,400 per person, compared with about 700 per person this year.


    This reminds me of a quote from the recent article [slashdot.org] regarding Simpsons math references:

    The Twisted World Of Marge Simpson (4F08, 1/19/97)

    Homer visits Disco Stu's "Can't Stop The Learnin'" Disco Academies kiosk at the Franchise Expo.

    Disco Stu: Did you know that disco record sales were up 400% for the year ending 1976? [points to a chart for the years 1973-1976] If these trends continue ... aaaaaaay!


    ian.

  • 1400? (Score:3, Insightful)

    by wizarddc ( 105860 ) on Thursday March 21, 2002 @02:13PM (#3202143) Homepage Journal
    That's not a lot, by a friggin longshot. I know Taco is in a unique situation, where people would put him on a list for paybacks or vendettas or whatever form of agression they are taking for not having their story accepted. Me, in a position where I really, really try to keep spam out of my inbox by only giving it to places I deem worthy, and removing myself from lists where I believe that will do me any good, I still get about 15 a day. Filtering out 90% helps, which might make it to 1400 spams a year that reach my inbox. But whoever is doing this study must really know how to repevent the uncolicited crap away If 4 a day is too much for them to handle.

  • Spamgourmet.com (Score:4, Informative)

    by mr.ska ( 208224 ) on Thursday March 21, 2002 @02:16PM (#3202180) Homepage Journal
    I've been using Spamgourmet.com [spamgourmet.com] for about a year now. It provides you with an unlimited number of valid, disposable e-mail addresses, and lets you decide how many times each address can be used. The first N e-mails sent to that address are forwarded to you, and everything else is eaten.

    It's perfect for registering online or leaving a temporary contact address. I've used it almost exclusively for one of my accounts, and I get virtually no spam on that account. It's a lifesaver.

    I can highly, HIGHLY recommend that you sign up [spamgourmet.com] with them. You'll thank me later.

  • Why not just re-invent the wheel? (Score:4, Insightful)

    by jeremy f ( 48588 ) on Thursday March 21, 2002 @02:17PM (#3202186) Homepage
    Back when e-mail was invented, say, in 1623 (I'm too lazy to do actual research), people used it as a basis of instant communication between two or more parties.

    (Some people used it as a basis of communication between only one party; however, these people were usually either the types who needed to write themselves little sticky notes, or they had disassociative identity disorder.)

    Considering how small the 'Internet' was back during the days of the first e-mail (I use quotes because, again, I've not done my research; and I'm uncertain whether e-mail or the 'net itself came first), e-mail was developed with a very open set of rules:

    I create a server.

    I set up a few accounts.

    I open a port to allow for e-mails to be sent to me.

    People connect to my computer, write me a message, and then magically disappear.

    In time, relaying was invented, and was implemented such that the existing mail servers could be used as relay points -- I send an e-mail from my computer, it gets bounced around until it reaches its recipient.

    Thus, the entire idea of e-mail.

    I hate to say it, but... This world of e-mail is greatly polluted. I'm not talking about Gulf of Mexico polluted -- this is pre-1972 Lake Erie polluted.

    So... Why not re-invent the wheel? We've been so concerned with building filtering applications, and layers upon layers over the basic SNMP protocol that we've forgotten that no matter how many bridges we build, we're still going to be able to look down and see the same polluted water.

    With this in mind, I call for a new type of e-mail service to be offered by various providers. One that explicitly denies old protocol e-mails. Something akin to Internet2, but for the public masses. Built-in encryption, a prerequisite (as well as several mechanisms) to determine that not only is the sender valid, but the router its sent from is uncompromised.

    While this won't solve all the problems associated with spam, it'll certainly alleviate them. With a protocol designed from the ground up to disallow things such as anonymous e-mails or misrepresented e-mail addresses; as well as several other measures which would make for not only for a secure, but unpolluted e-mail atmosphere, we can abandon the current system which has become so polluted with the waste, filth, and garbage known as 'spam'.

    Thank you.
    • With this in mind, I call for a new type of e-mail service to be offered by various providers. One that explicitly denies old protocol e-mails. Something akin to Internet2, but for the public masses. Built-in encryption, a prerequisite (as well as several mechanisms) to determine that not only is the sender valid, but the router its sent from is uncompromised.

      SMTP with user authentication already exitsts. SMTP with SSL/TLS-encrypted connections also exists. Yet open relays that don't care at all about who uses the server to send mail or if the mail is even valid exist as well. Designing a new protocol will not solve the problem, as there will always be incompetent/ignorant administrators and developers.

  • Piglets (Score:2, Informative)

    by olman ( 127310 )
    Hmph. Stuff like this makes me feel good about my Spamcop address. Now that yahoo retained pop servers and mail forwarding to paying customers .. AND stopped providing extra mailbox storage overseas, I reckon I'll be sticking with spamcop for the time being.

    Any other decent spam-filtering email services around? I noticed I can nuke 95% of SPAM with discarding any mail which doesn't have my name in the to or cc -field..

  • Violence is the only solution at this point. (Score:3, Funny)

    by Philbert Desenex ( 219355 ) on Thursday March 21, 2002 @02:19PM (#3202209) Homepage
    At this point in time the only possible solution to spamming is violence. We must hunt down spammers. We must kill them. We must chop them up and put their remains in a hollow gourd. We must see gourds on fire and fling them into the ocean in a solemn ceremony of disrespect.

  • The magic bullet (Score:2, Informative)

    by CKW ( 409971 )

    Here's a hint. Don't give spammers your e-mail address in the first place.

    Don't give it to shady businesses or websites, don't give it to amateur websites run by people you don't know, don't give it to small or medium sized businesses, don't give it to well known or big online or meat-space companies that have a reputation of being irresponsible in such matters, and don't give it to anyone whose privacy/non-use clauses don't look sincere or aren't backed by anyone you know.

    And munge your e-mail address when used on Usenet.

    That's it. I haven't gotten ONE SINGLE piece of spam in 4 years. I give my e-mail address to my friends and co-workers, the only people in the world who need it. It's on my website which is hosted from my ADSL line on dyndns.org, and it's never been reaped. It's in my profile at some online-groups and semi-private blog places (my CS clan's web-forum for example), and they've never been reaped.

    An ounce of prevention is worth a pound of cure!

    All that we need is a honest to goodness education campaign by the ISPs to clue in their lusers.

  • it was nice (Score:2, Funny)

    by abolith ( 204863 )
    when my ISP decided to block ALL inbound mail coming from Asia. the spam dropped from 30 a day to FOUR. then under pressure they opened back up and now I am getting 50+ !!
    *sigh* I hate spammers with a passion. A good friend decided to start spamming from his computer to promote his new business, so I Dos attacked him until he stopped :) after all thats what friends do for each other.

  • SPAM as theft. (Score:3, Insightful)

    by Hallow ( 2706 ) on Thursday March 21, 2002 @02:37PM (#3202369) Homepage
    All the SPAM'ers cite freedom of speech. Well, I wanna know what the hell happened to your rights ending where mine begin?

    The problem of SPAM on fax machines back in the 80's, due to the fact that paper/toner/etc. cost $$ as well as tying up a business' fax line prompted a law that bans SPAMing fax machines. It was the use of resources and stopping of business that got this law passed.

    Well, bandwidth is a resource, and if a major ISP's mail service is unusable for a good chunk of time, that's a stopping of business.

    I pay for my bandwidth to run my own server. Using my resources (bandwidth), for a purpose I don't approve of, should be considered theft. It might be different for a dialup user (the end user doesn't pay for bandwidth, they pay a monthly fee for access, the ISP pays for the bandwidth, usually).

    I'm so incredibly sick of SPAM! Oh, and by all means, I don't want to limit SPAM to commercial mail. I think any email that is soliciting, be it a campaign contribution, a donation to the kidney fund, or religion oriented ("come join us in fellowship", blah) should be considered SPAM as well.

    Although, having said all that, I think that legislation is only part of the problem. I think what we need is a modification to the SMTP protocol itself that makes it easy and lightweight to identify and handle these types of email, and legislation enforcing this.

    Something like identifying the message as spam immediately after the HELO or RCPT TO, or perhaps even requiring spam to use another port!

    But even that's not enough because you know those direct marketing jackasses will still send it without the proper identifiers.

    I'm real close to setting up a system where you have to give me your email address and I have to approve you to send me email or I'll never see it. (with a seperate dump account for registrations for web boards, etc.)
    • I pay for my bandwidth to run my own server. Using my resources (bandwidth), for a purpose I don't approve of, should be considered theft.

      The problem is codifying this sentiment into a law that applies universally. If the standard is to be "I don't approve of it, therefore it is theft" then what if a person disapproves of retransmitted FINs (because ZoneAlarm squawks about them)? Is it then actionable to have a web server with kernel tunes that do not take ZoneAlarm's incredibly short memory into account?

      I'm sure you didn't mean that an anti-spam law should encode what Hallow thinks is appropriate, and apply that to everyone.

      Even if you get a law passed, there is still the question of due process. If you get spammed, you still have to press charges, and the courts have to locate the spammer before he can be served. And even if you win the case, if its a civil matter you then face the chore of trying to collect on the judgement. If it's a criminal case, the spammer is in jail, or fined, or both. Well, that spammer is in jail. The other fifty million are still at large, still abusing Asian relays. So what have you accomplished?

      I ask you, was all that effort really worth it to avoid having to hit delete? Or would you prefer to do away with due process in order to avoid those extra mouse clicks? Sometimes I wonder...
  • Is it possible to file a bug against an RFC? If so, I'm going to post to bugtraq about RFC 2821.

    Spam is a problem for users. But the problem that users have pales in comparison to the problem that ISPs and other providers have.

    Most of the available solutions are catch-up solutions, which, like virus detection software, always arrives too late and is easily defeated (and in any case not the best way to solve the problem).

    Anyhoo, why is spam the ultimate DoS? Very simple. Spammer sends 50,000+ emails to 50,000+ addresses using a forged "From: fooXK343@forgedfrom.tld" header. 49,987 of the spam emails bounce, and where to they go? You guessed it, right to fooXK343@forgedfrom.tld. fooXK343@forgedfrom.tld doesn't exist, of course, so the messages get double-bounced to postmaster@forgedfrom.tld.

    What can postmaster@forgedfrom.tld do? Very little.

    Can he block the incoming connections? No, they are coming from 49,987 different sources, most of which are valid functioning SMTP servers.

    Can he contact the admin of the machine or relay where the spam is coming from? Sure, if he magically has 37 hours in his day. But, the relay server is most likely a rooted machine on the other side of the world. Good luck there. Or, the machine belongs to one of the 15 largest ISPs on the planet, in which case he will have to jump through 7 different hoops to talk to the person that can fix the problem. And even if he does get through to that person and the offending dialup account is shut down, the spammer usually has 15 more compromised accounts to choose from and is active on the same ISP within days. Would the large ISP share information so postmaster@forgedfrom.tld can track down the spammer? Doubt it.

    Can't postmaster@forgedfrom.tld just send all incoming messages to fooXK343@forgedfrom.tld to the bitbucket? Sure. Will that save his bandwidth and prevent the DoS? Nope.

    That's why Spam is the Ultimate DoS. A bug should be filed against RFC 2821. The implications of this type of DoS becoming widespread are serious.

  • Extend the SMTP protocol for crying out loud. (Score:3, Insightful)

    by dingbat2002 ( 568051 ) on Thursday March 21, 2002 @02:48PM (#3202474)
    a) It's clear that a legal solution probably won't work since SPAMMers will just move their operations to more legally clement shores and the one-world-government isn't around yet to enforce anti-spam laws on a planetary scale yet .

    b) It's clear that a technological filtering solution is probably not the ideal way to go because ultimately, any filtering scheme doesn't address the issue that the SPAM is out there and it's still flooding our networks, regardless if you detect it as a SPAM or not.

    The only conclusion is that we really need to fix the problem at it's source. Change the SMTP protocol to include a handshaking/whitelisting layer. Is there a reason why the big mail server makers and mail client makers couldn't get together and work on an extention of the protocol that would make the protocol secure?

    To me, this is a no brainer and it's probably the only way to go at this point.

  • I wish I could find the email that a friend of mine at my ISP sent me a while back (irony at its best).

    Basically he has some software that parses emails and assigns it a 'spam value'. That is, it searches for various patterns, and cumulatively adds up the 'weights' for each pattern that matches. Because there are common threads throughout spam, and because a typical spam contains many identifiable factors, this software makes it possible to filter on patterns that you don't want to just filter outright (eg. HTML emails, or mail that contains porn-related swear words).

    Can anyone remember the name of this software? I'm not familiar enough with unix administration to remember exactly what it's called or the gory implementation details.
    • Sounds a lot like SpamAssassin [spamassassin.org]. It's rather easy to implement if you're using qmail-scanner, you just re-configure your qmail scanner to do it. To have it filter out patterns that you don't like, you just go into the /etc/spamassassin.cf file and touch the fields along with a new value. Very easy, simple to install, and powerful.

      I use it on my systems on both my home and live boxes, and I have it set both the X-Message-Flag header as well as the normal X-Spam-Flag: YES that spamassassin uses; so that the ones who use Micro$oft's Outlook/OE can filter their spam by flags.

  • These guys [spamradio.com] set up a fun little system: incoming spam is stripped down to plain text, fed into a text-to-speech program, and then set to music. They broadcast 24 hours a day, and I've got to say that it becomes kind of hynotic...

    I think it also has great business potential; spammers could use the stream as the hold music for their phone systems -- when people call up to complain about having been added to a "permission based" list without doing anything, they have to listen to spam while they wait.

    Just a joke... =)

  • I was young and stupid, and years ago I used my real, work address on Usenet. I answered a lot of newbie questions, so I wanted to make it easier for them to reply. Back then, I got 2 or 3 pieces of SPAM an hour, so didn't seem to cause much damage.

    Now I get that in an hour. I got a big spike when Google brought back old posts. We have Netscape Messenger Service as our mail server. I usually use IMAP, though there is a web interface I sometimes am stuck with. Is there a way of filtering this account? Supposedly you can do server based filters in some clients, but our NMS doesn't seem to support this. I'm on a W2K box, so i'm not sure if fetchmail is an option.
  • By my calculations I currently get over 3000 spams in a year. Thank goodness I have filters to block some of this and earthlinks spaminator.... I think every ISP/mail service should have a spaminator...

Slashdot Top Deals

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Close